DEV Community

Heritier Akilimali
Heritier Akilimali

Posted on

What is SSH and why should you use it?

Image description

SSH(secure shell) Is a protocol, and just like HTTP, FTP, and HTTPS its a way for computers to
connect and have a shared agreement on how to communicate with each other.

SSH allows computers to share files as well as control to modify a remote computer’s over the internet. It was created as a secure way of communication that encrypts all data so bad actors can’t monitor you.
SSH doesn’t communicate via the browser or a server but rather the shell, so two different computers would use SSH via the terminal to communicate with each other.

The significant advantage that SSH brings compared to its predecessor is the use of encryption to ensure secure transfer of information between the Host(the remote server you are trying to access) and the Client(the computer you use to access the Host) blocking out third parties without validated access.

How do you use SSH?

To use the SSH we write in the command line terminal with this syntax:

ssh your-username@host-IP-address

We start with ssh declaring that we are working with ssh and want to commence an encrypted secure shell connection and then fill in the username which is usually root or the system admin account and end it with the IP address of the host.
After connecting to the host you will have full access and you can start
declaring commands from your terminal to modify the host. An example would be to make a new directory or a file or even traverse through an existing directory.

PS. for windows users you will have to use an SSH client.
You can use SSH to connect to a server that your app is deployed to or
Github or a remote computer, and becoming proficient using SSH will make
your developer journey much more convenient, easier, and more productive.

How does SSH work?

Symmetrical encryption :

Uses one key for both encryption and decryption for both parties (host and
client), meaning that if you as the client want to send a piece of info, you
can have a key that encrypts that message, turning it into coded info that
looks much like gibberish and as long the host has that key then the host can decrypt the info and read it in its understandable format making it impossible for anyone without the key to getting a hold of the information that you transfer.

To make sure that the key is distributed to the ones that are meant to have them the key exchange algorithm is used.
This algorithm is secure because the key is never really transmitted between the client and the host, instead,
the client and host share public pieces of data and then manipulate it to independently calculate the key. So even if another third party that is not meant to have the key gets a hold of the key somehow, they will not be able
to use it since they won’t have the key exchange algorithm to help decipher
the key.

Asymmetrical encryption:

Asymmetrical encryption works by using a pair of keys, one key is a public
key and another is a private key. The public key can be shared around while the private key you keep for yourself and never share.

A transfer with this type of encryption can work by giving the public key
to the sender of information and using your private key to read the info.

So you can see that the private key can only decrypt the info of the given public key that’s paired up with the private key. The public keys can not decrypt their message, only the private key can do that.

This form of encryption is used during the Key Exchange algorithm to generate the key without it entering the public with the help of the Diffie Helman Key Exchange. The Diffie Helman key Exchange uses an algorithm that takes into account the public key, the private key, and the received public
key to generate the key for the final key.

Hashing:

SSH uses both Symmetric and Asymmetric encryption, since Asymmetric encryption is time-consuming most of the SSH connection uses Symmetric encryption as mentioned before.
The idea is to use Asymmetric encryption to share the public key and finally use Symmetric encryption to further communicate so that the connection speed is optimized.
Once a Symmetric secure connection is established, the server(Host) uses the Client’s public key to generate a questionnaire and transmit it to the Client for authentication.

If the client validates the authentication successfully then the connection is secure and he can then transfer info or gain control over the Host. There is however one problem here, Somebody can sit in the middle and pretend to be the other, and tamper or modify the message.

If they somehow convince the host or the client that they are the host or the client, then the information can flow through them and they will be a middleman, this is where Hashing comes to the rescue.

Image description

Hashing is another form of cryptography used in SSH connections, One way Hashing is different from symmetrical and asymmetrical encryption in that they are never meant to decrypt anything, they simply generate a unique value of a fixed length for each input that it gets, and it’s one-way transmission.

So if we input a message it will be processed through the hashing function and transformed into letters with no meaning and we will not be able to format it back to a readable format through the client. This is done through hmac(hash-based message authentication code). The principle goes like this, each message that is transmitted must contain a mac which is a hash.

This hash is generated by the symmetric key, the packet sequence, and the message content that we are transferring. The host can then take those same inputs into a hash function and get the message.SSH authentication with RSA on a server:
RSA is an SSH authentication method that allows us to use SSH without having to provide a password each time we use the SSH command in the terminal to connect with SSH.

To generate a public and private RSA key pair
-Traverse to the /.ssh directory and look for a file with the name id_rsa,
don’t worry if you can’t find it.
-If you can’t find it you will generate it by writing in the terminal the
command below
ssh-keygen -C “Your_Email”
-Press enter 3 through the questionnaire
You should now have an id_rsa file and an id_rsa.pub file.
Important to note now is that you should never share the key inside the id_rsa
file or else your encryption will be useless, but you can share the key in
the id_rsa.pub file when doing an SSH connection.
Now you can connect to the server with the password its the first time
before setting up the RSA inside of the server.
After connecting into the server, change to the ~/.ssh directory and…
-create a file called authorized_keys(if it doesn’t exist) and paste them
(id_rsa.pub) RSA public key inside it.
Now attempt to reconnect again with the SSH command.
After that, you might have to add your private key if you get (permission
denied), and you do that with the add ssh command which goes like this
ssh-add ~/.ssh/id_rsa
And now the connection should be established with the server and we can
modify the server from our terminal, from creating to deleting files and
directories etc.
Set up SSH on Github:
Create RSA or use the RSA files generated already.
Go to GitHub settings and go to ssh section, add the public ssh inside
there.
Add the private RSA key with ssh-add in the terminal,
and now you can use ssh to clone and pull files.

Discussion (0)